CVE-2025-12974
- EPSS 0.16%
- Veröffentlicht 18.11.2025 03:27:07
- Zuletzt bearbeitet 18.11.2025 14:06:29
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not inclu...
CVE-2025-12352
- EPSS 0.19%
- Veröffentlicht 07.11.2025 04:28:53
- Zuletzt bearbeitet 12.11.2025 16:20:22
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to...
CVE-2024-13377
- EPSS 1.12%
- Veröffentlicht 17.01.2025 10:15:07
- Zuletzt bearbeitet 17.01.2025 10:15:07
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...
CVE-2024-13378
- EPSS 1.12%
- Veröffentlicht 17.01.2025 10:15:07
- Zuletzt bearbeitet 17.01.2025 10:15:07
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_settings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possibl...
CVE-2023-28782
- EPSS 0.15%
- Veröffentlicht 20.12.2023 15:15:07
- Zuletzt bearbeitet 21.11.2024 07:56:00
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3.